The updated NIS2 Directive, focuses on enhancing the resilience of critical sectors across the EU by tightening cybersecurity requirements to ensure the security and continuity of essential services in the face of escalating digital threats.
The NIS2 Directive has a broadened scope to additional sectors and entities vital to the EU's economy and society. Organisations are classified depeding on factors such as size, sector and criticality into two categories: essential and important entities.
Highly critical sectors in scope are:
- Digital infrastructure (electronic communications, trust services, domain name services, top level domain registries, cloud services, data centers, internet exchange points, content delivery networks);
- Energy (electricity, district heating, oil, gas and hydrogen);
- Transport (air, rail, water, road);
- Banking and Financial market infrastructures;
- Health (healthcare providers, EU reference labs, research and manufacturing of pharmaceuticals and medical devices);
- Drinking water and waste water;
- Public administrations;
- Space.
Other critical sectors in scope are:
- Postal and courier services
- Waste management
- Manufacture, production and distribution of chemicals
- Manufacturing
- Digital providers
- Research
Alongside the provisions of the NIS2, new requirements from other key horizontal and sector-specific legislations, such as the Cyber Resilience Act (CRA) and the Digital Operational Resilience Act (DORA), have been introduced.
In the effort to further support organisations and authorities in adhering with the provisions of the NIS 2 Directive, ENISA has developed a NIS2 awareness campaign. The purpose of this informative material and resources is to educate businesses and competent authorities by providing a comprehensive overview of the Directive’s requirements, illustrating how it affects them.
